app/models/key.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

# == Schema Information
#
# Table name: keys
#
#  id          :integer          not null, primary key
#  user_id     :integer
#  created_at  :datetime
#  updated_at  :datetime
#  key         :text
#  title       :string(255)
#  type        :string(255)
#  fingerprint :string(255)
#

require 'digest/md5'

class Key < ActiveRecord::Base
  include Sortable
  include Gitlab::Popen

  belongs_to :user

  before_validation :strip_white_space, :generate_fingerprint

  validates :title, presence: true, length: { within: 0..255 }
  validates :key, presence: true, length: { within: 0..5000 }, format: { with: /\A(ssh|ecdsa)-.*\Z/ }, uniqueness: true
  validates :fingerprint, uniqueness: true, presence: { message: 'cannot be generated' }

  delegate :name, :email, to: :user, prefix: true

  after_create :add_to_shell
  after_create :notify_user
  after_create :post_create_hook
  after_destroy :remove_from_shell
  after_destroy :post_destroy_hook

  def strip_white_space
    self.key = key.strip unless key.blank?
  end

  # projects that has this key
  def projects
    user.authorized_projects
  end

  def shell_id
    "key-#{id}"
  end

  def add_to_shell
    GitlabShellWorker.perform_async(
      :add_key,
      shell_id,
      key
    )
  end

  def notify_user
    NotificationService.new.new_key(self)
  end

  def post_create_hook
    SystemHooksService.new.execute_hooks_for(self, :create)
  end

  def remove_from_shell
    GitlabShellWorker.perform_async(
      :remove_key,
      shell_id,
      key,
    )
  end

  def post_destroy_hook
    SystemHooksService.new.execute_hooks_for(self, :destroy)
  end

  private

  def generate_fingerprint
    self.fingerprint = nil
    return unless key.present?

    cmd_status = 0
    cmd_output = ''
    Tempfile.open('gitlab_key_file') do |file|
      file.puts key
      file.rewind
      
      # OpenSSH 6.8 introduces a new default output format for fingerprints.
      # Check the version and decide which command to use.
      version_output, version_status = popen(%W(ssh -V))
      explicit_fingerprint_algorithm = false
      if version_status.zero?
        out, _ = version_output.scan /.*?(\d)\.(\d).*?,/
        major, minor = out[0], out[1]
        if major.to_i > 6 or (major.to_i == 6 and minor.to_i >= 8)
          explicit_fingerprint_algorithm = true
        end
      end

      if explicit_fingerprint_algorithm
        cmd_output, cmd_status = popen(%W(ssh-keygen -E md5 -lf #{file.path}), '/tmp')
      else
        cmd_output, cmd_status = popen(%W(ssh-keygen -lf #{file.path}), '/tmp')
      end
    end

    if cmd_status.zero?
      cmd_output.gsub /(\h{2}:)+\h{2}/ do |match|
        self.fingerprint = match
      end
    end
  end
end